What's left to do on NTS

Richard Laager rlaager at wiktel.com
Mon Mar 4 16:39:16 UTC 2019


On 3/4/19 3:46 AM, Hal Murray via devel wrote:
> Plan A is to give all the servers the certificate and private key for 
> time.nist.gov and do the load sharing via traditional DNS rotation.  The 
> disadvantage with that is that there are many copies of the private key out 
> there.  One leak and the whole system goes insecure.
> 
> Plan B gives the servers individual certificates and names.  Now we have to do 
> the load sharing at the DNS level.  I'm not a DNS wizard.  NIST already uses 
> CNAMEs for this.  There is no POSIX API for getting the CNAME, so we would 
> have to write some DNS code or find a library we like.

CNAMEs don't really help. Certificate validation uses the original name
anyway. Each server would have a separate time.nist.gov certificate and
key. This makes it easier to clean up after a partial compromise (because
you can revoke just the one certificate), but is otherwise the same as
A. And when you have a cluster of identical machines, how likely is a
partial compromise anyway?

Another option is for the names to be user-visible and require the users
to pick time-a.nist.gov vs time-b.nist.gov. This is useful, as you noted
below, if the servers are in different locations, which NIST does have.

> Plan B and C can coexist.  Pick a nearby server by hand and use plan B.  Or 
> talk to the generic KE server and it will give you IP Address and initial 
> cookies.

-- 
Richard
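Added example, not code from this thread or from NTPsec: a minimal encoder and parser for the NTS-KE records (RFC 8915) that a "generic KE server" in plan C would use to hand a client a specific server name, port and initial cookies. The record types, the NTPv4 protocol ID and the AEAD ID come from the RFC; the server name, port and cookie bytes are constructed sample values.

```python
import struct

# NTS-KE record types and IDs from RFC 8915 (the thread itself does not list them)
END_OF_MESSAGE, NEXT_PROTOCOL, ERROR = 0, 1, 2
AEAD_ALGORITHM, NEW_COOKIE, SERVER_NEGOTIATION, PORT_NEGOTIATION = 4, 5, 6, 7
CRITICAL = 0x8000                 # high bit of the 16-bit record type
NTPV4_PROTOCOL_ID, AEAD_AES_SIV_CMAC_256 = 0, 15

def encode_record(rec_type, body, critical=False):
    """One record: 16-bit type (top bit = Critical), 16-bit body length, body."""
    return struct.pack("!HH", rec_type | (CRITICAL if critical else 0), len(body)) + body

def build_ke_response(server_name, port, cookies):
    """What a generic KE server sends to steer a client to one specific NTP server."""
    recs = [
        encode_record(NEXT_PROTOCOL, struct.pack("!H", NTPV4_PROTOCOL_ID), critical=True),
        encode_record(AEAD_ALGORITHM, struct.pack("!H", AEAD_AES_SIV_CMAC_256), critical=True),
        encode_record(SERVER_NEGOTIATION, server_name.encode("ascii")),
        encode_record(PORT_NEGOTIATION, struct.pack("!H", port)),
    ]
    recs += [encode_record(NEW_COOKIE, c) for c in cookies]   # opaque; one used per NTP request
    recs.append(encode_record(END_OF_MESSAGE, b"", critical=True))
    return b"".join(recs)

def parse_ke_response(data):
    """Client side: collect server, port, cookies; reject truncation, Error and unknown Critical records."""
    known = {NEXT_PROTOCOL, AEAD_ALGORITHM, NEW_COOKIE, SERVER_NEGOTIATION, PORT_NEGOTIATION}
    out = {"server": None, "port": 123, "cookies": []}   # port 123 is the default if none is sent
    off = 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated record header")
        rtype, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        off += 4 + length
        critical, rtype = bool(rtype & CRITICAL), rtype & 0x7FFF
        if rtype == END_OF_MESSAGE:
            return out
        if rtype == ERROR:
            raise ValueError("server sent error code %d" % struct.unpack("!H", body)[0])
        if rtype == NEW_COOKIE:
            out["cookies"].append(body)
        elif rtype == SERVER_NEGOTIATION:
            out["server"] = body.decode("ascii")
        elif rtype == PORT_NEGOTIATION:
            out["port"] = struct.unpack("!H", body)[0]
        elif critical and rtype not in known:
            raise ValueError("unknown Critical record type %d" % rtype)
```

The TLS handshake that carries these records is the only place the certificate is checked, so the name the client validates is the KE server it dialed, not the server name returned in the record.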

